Airlines and hotels face customer concerns arising from anti-terrorism efforts
The Transportation Security Administration said last week that it may force airlines to provide information on passengers to test a new counterterrorism program, raising hackles in an industry that's already facing lawsuits filed by passengers for having previously shared such data without their knowledge. The outcome of the dispute could set a precedent for how much data companies share with federal agencies in the name of national security.
The latest development involving the Computer Assisted Passenger Prescreening System II, or CAPPS II, shines a light on a growing concern among airlines and other travel-related companies that counterterrorism efforts increasingly involve requests for information about their customers.
"The airlines will not voluntarily turn over this data," says Doug Wills, VP of external affairs for the Air Transport Association, the trade organization for the major U.S. airlines. While the association supports the concept of CAPPS II, its members want more privacy guarantees before they supply data for any purpose.
David Stone, acting administrator for the TSA, told the House of Representatives' aviation subcommittee that the agency is prepared to propose a rule forcing airlines to hand over passenger data to test CAPPS II's security and privacy safeguards. A TSA spokeswoman says the administration wants to work closely with the airlines. "We really want to ensure that we have an open, transparent, acceptable process that includes interactive discussion on all the issues associated with CAPPS II," she says.
The government is as concerned about privacy as businesses are, Homeland Security's O'Connor Kelly says.
Photo of Nuala O'Connor Kelly by David Deal
Airlines and other businesses are caught between their duty and desire to help prevent terrorism and the need to maintain customer loyalty. Two airlines face pending class-action suits: JetBlue Airways, for giving a government contractor customer data to test an experimental Defense Department data-mining project; and Northwest Airlines, for giving similar data to NASA for an unspecified research test. Nuala O'Connor Kelly, chief privacy officer for the Department of Homeland Security, which oversees the TSA, last month concluded that the administration violated the spirit of federal privacy laws when it compelled JetBlue to provide its customer data to the federal contractor in 2002.
Stone testified that CAPPS II will flag fewer innocent passengers for security review. Under the current CAPPS system, airlines' reservation systems check passenger information against a government-supplied watch list. Putting the passenger-screening system and process in the federal government's hands would ensure a consistent approach, Stone said. The TSA also believes that consolidating the data would allow for more effective use of up-to-date intelligence information and make it easier to identify higher-risk flights and airports.
Passengers' identities would be authenticated by matching airlines' data against a TSA database maintained by a private-sector data aggregator such as LexisNexis or Acxiom Corp., then checked against a federal terrorism database and lists of individuals who have outstanding warrants for violent criminal acts. Precautions to protect privacy include installing private networks between the TSA and the airlines that would pass only encrypted data; requiring the data to pass through a multitier firewall before entering the TSA system; and implementing a 24-hour audit trail that documents all access to data, Stone said.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.